Posted to commits@usergrid.apache.org by md...@apache.org on 2017/08/28 23:23:50 UTC

[04/15] usergrid git commit: add password complexity check before submitting during reset password flow

add password complexity check before submitting during reset password flow


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/70de6fde
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/70de6fde
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/70de6fde

Branch: refs/heads/master
Commit: 70de6fde4438bd4ba750806e5b4a23cd9aa07d9b
Parents: 459163b
Author: Mike Dunker <md...@google.com>
Authored: Thu Aug 17 11:02:36 2017 -0700
Committer: Mike Dunker <md...@google.com>
Committed: Thu Aug 17 11:02:36 2017 -0700

----------------------------------------------------------------------
 .../usergrid/rest/applications/users/UserResource.java    |  9 +++++++++
 .../usergrid/rest/management/users/UserResource.java      |  9 +++++++++
 .../org/apache/usergrid/management/ManagementService.java | 10 +++++-----
 .../management/cassandra/ManagementServiceImpl.java       | 10 ++++++++++
 4 files changed, 33 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/70de6fde/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
index 5435f7e..3e4542d 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/users/UserResource.java
@@ -17,6 +17,7 @@
 package org.apache.usergrid.rest.applications.users;
 
 
+import java.util.Collection;
 import java.util.Map;
 import java.util.UUID;
 
@@ -465,6 +466,14 @@ public class UserResource extends ServiceResource {
             if ( ( password1 != null ) || ( password2 != null ) ) {
                 if ( management.checkPasswordResetTokenForAppUser( getApplicationId(), getUserUuid(), token ) ) {
                     if ( ( password1 != null ) && password1.equals( password2 ) ) {
+                        // validate password
+                        Collection<String> violations = management.passwordPolicyCheck(password1, false);
+                        if (violations.size() > 0) {
+                            // password not valid
+                            errorMsg = management.getPasswordDescription(false);
+                            return handleViewable("resetpw_set_form", this, getOrganizationName());
+                        }
+
                         management.setAppUserPassword( getApplicationId(), getUser().getUuid(), password1 );
                         management.revokeAccessTokenForAppUser( token );
                         return handleViewable( "resetpw_set_success", this, getOrganizationName() );
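Review bot: The violations returned by passwordPolicyCheck on the added line are only counted and then discarded, so the user is shown the generic policy description rather than which rules the submitted password actually failed; consider surfacing them, e.g. `errorMsg = management.getPasswordDescription(false) + " " + String.join(" ", violations);` (assuming the view treats errorMsg as plain text). The test `violations.size() > 0` reads more idiomatically as `!violations.isEmpty()`. Returning before setAppUserPassword and revokeAccessTokenForAppUser is the right ordering here, since a rejected password leaves the reset token usable for a retry. The management UserResource hunk below has the same pattern with isAdminUser set to true. The enclosing method starts and ends outside this hunk.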

http://git-wip-us.apache.org/repos/asf/usergrid/blob/70de6fde/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index b747aa4..1f80bc1 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -43,6 +43,7 @@ import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
+import java.util.Collection;
 import java.util.Map;
 import java.util.UUID;
 
@@ -297,6 +298,14 @@ public class UserResource extends AbstractContextResource {
             if ( ( password1 != null ) || ( password2 != null ) ) {
                 if ( management.checkPasswordResetTokenForAdminUser( user.getUuid(), tokenInfo ) ) {
                     if ( ( password1 != null ) && password1.equals( password2 ) ) {
+                        // validate password
+                        Collection<String> violations = management.passwordPolicyCheck(password1, true);
+                        if (violations.size() > 0) {
+                            // password not valid
+                            errorMsg = management.getPasswordDescription(true);
+                            return handleViewable( "resetpw_set_form", this, organizationId );
+                        }
+
                         management.setAdminUserPassword( user.getUuid(), password1 );
                         management.revokeAccessTokenForAdminUser( user.getUuid(), token );
                         loginEndpoint = properties.getProperty("usergrid.viewable.loginEndpoint");

http://git-wip-us.apache.org/repos/asf/usergrid/blob/70de6fde/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
index 2b88b07..8b840d6 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
@@ -17,11 +17,7 @@
 package org.apache.usergrid.management;
 
 
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.UUID;
+import java.util.*;
 
 import org.apache.usergrid.persistence.CredentialsInfo;
 import org.apache.usergrid.persistence.Entity;
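Review bot: The five explicit java.util imports on the removed lines are collapsed into `import java.util.*;` when the only new name the interface needs is Collection; the two UserResource hunks in this same commit add `import java.util.Collection;` explicitly, so the wildcard is inconsistent with the rest of the change and can silently pick up new java.util names later. Keep the explicit list and add `import java.util.Collection;` in its sorted position.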
@@ -372,6 +368,10 @@ public interface ManagementService {
 
 	Observable<Id> deleteAllEntities(final UUID applicationId,final int limit);
 
+    Collection<String> passwordPolicyCheck(String password, boolean isAdminUser);
+
+    String getPasswordDescription(boolean isAdminUser);
+
 
     // DO NOT REMOVE BELOW METHODS, THEY ARE HERE TO ALLOW EXTERNAL CLASSES TO OVERRIDE AND HOOK INTO POST PROCESSING
     void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
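Review bot: The two new interface methods have no Javadoc saying what the returned Collection holds or whether it is empty rather than null when the password is acceptable; the callers added in this commit call `size()` on it directly, so a null return from an implementation would throw. Suggest on passwordPolicyCheck `/** Checks {@code password} against the configured policy; returns the messages of the violated rules, empty when the password is acceptable. */` and on getPasswordDescription `/** Human-readable description of the password policy that applies to admin or application users. */`. The added lines are space-indented while the neighbouring deleteAllEntities declaration is tab-indented; whichever the file standardises on, the new lines should match it.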

http://git-wip-us.apache.org/repos/asf/usergrid/blob/70de6fde/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index 2ba9bde..89375fd 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
@@ -3412,6 +3412,16 @@ public class ManagementServiceImpl implements ManagementService {
         return service.deleteAllEntities(CpNamingUtils.getApplicationScope(applicationId),limit);
     }
 
+    @Override
+    public Collection<String> passwordPolicyCheck(String password, boolean isAdminUser) {
+        return passwordPolicy.policyCheck(password, isAdminUser);
+    }
+
+    @Override
+    public String getPasswordDescription(boolean isAdminUser) {
+        return passwordPolicy.getDescription(isAdminUser);
+    }
+
     private String getProperty(String key) {
         String obj = properties.getProperty(key);
         if(StringUtils.isEmpty(obj))
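Review bot: Both new methods delegate to a `passwordPolicy` field that this commit neither declares nor initialises, so the hunk cannot show that it is wired; if it is not injected in this class, every password submission in the two reset flows added above would fail with a NullPointerException rather than being validated. Worth confirming the field is set before these methods can be reached, and documenting the null contract of `policyCheck` since the callers treat the result as a non-null Collection. The getProperty method at the end of the hunk continues outside it.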